Freeradius 2.1.12 Second LDAP Server

A.L.M.Buxey at A.L.M.Buxey at
Mon Sep 16 16:33:07 CEST 2013


>    Could not authenticate user Username%Password with plaintext password
>    challenge/response password authentication succeeded

thats okay. means you couldnt do PAP and only MSCHAPv2 worked. expected for that command.

>    In this Step, i must edit the following line with this text in the file:
>    /etc/freeradius/modules/mschap
>    ntlm_auth = "/path/to/ntlm_auth --request-nt-key
>    --username=%{mschap:User-Name:-None}
>    --domain=%{%{mschap:NT-Domain}:-MYDOMAIN}
>    --challenge=%{mschap:Challenge:-00}
>    --nt-response=%{mschap:NT-Response:-00}"
>    But my default commented ntml_auth looks like this:
>    ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
>    --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}
>    --challenge=%{%{mschap:Challenge}:-00}
>    --nt-response=%{%{mschap:NT-Response}:-00}"

the docs and default values have seperated over time.  

>    In my default ntlm_auth, the option
>    "--domain=%{%{mschap:NT-Domain}:-MYDOMAIN}" is missing. Should i add it?

depends on what you want to do and need to do. do you TRUST your clients to be sending the correct
domain?  I I've set the domain manually.

>    $ radtest -t mschap bob hello localhost 0 testing123

>    First Line:
>    bob Cleartext-Password := "hello"

whats the users file got to do with anything? if you have clashing usernames you will have a few problems.
i expect you are trying to test your AD? the radtest failed due to incorrect password.. ie the AD is not bob/hello

I'd recommend using 'eapol_test' for better/advanced testing - its part of the wpa_supplicant

>    @Mathieu
>    Is there a current RADIUS-book that you can recommend?

"FreeRADIUS for beginners" is a good current book


More information about the Freeradius-Users mailing list